Re: [PEN-TEST] Palm Pilot Security

[Rory <nazgul () CSN UL IE>]

There is a tool on the @stake website that steals passwords from
palms you have to get pretty close but it effectively makes the target
palm think that it is talking to a computer when infact it is another palm
her is the link to it

http://www. () stake com/research/advisories/2000/index.html#121400-1

cheers,
Rory
On
Thu, 25 Jan 2001, Mike Ahern wrote:

> A Quick Question...
>
> Does anyone have any real life experience in
> evaluating the security of Palm Pilot systems? Someone
> is proposing using the Palm along with RSA/Security
> Dynamics soft token, and as a method of gaining some
> remote network access. I am being asked to sign off on
> it.
>
> I understand that the Palm units may be password
> protected, but that on the original Palm Pilots you
> could remove the batteries to reset the unit &
> password. Also I understand that new Palm 5 units use
> an internal lithium rechargable battery, and have a
> reset button that can be used to "reboot" the Palm
> Pilot.
>
> I also am aware that the L0pht guys found a way in the
> past to undermine the security of the Cryptocard soft
> token.
>
> Anybody aware of methods to hack past the password
> protection on the Palm? I assume that like anything
> else, physical access equals potential for 100% system
> compromise. Anyone aware of any RSA/Security Dynamics
> soft token security issues on the Palm Pilot?
>
>
> Any thoughts or experiences shared (lessons learned)
> would be appreciated...
>
>
> - Mike
>
>
>
>
> __________________________________________________
> Do You Yahoo!?
> Yahoo! Auctions - Buy the things you want at great prices.
> http://auctions.yahoo.com/